# crypxe-wallet.pages.dev — SUSPICIOUS

> PhishDestroy identifies crypxe-wallet.pages.dev as an active crypto drainer hosted on Cloudflare. Resolves to 188.114.96.3 with 0/95 VirusTotal detections.

## Summary
PhishDestroy identifies crypxe-wallet.pages.dev as a newly active crypto drainer campaign impersonating a cryptocurrency wallet service. The site is deployed on Cloudflare Pages and leverages a legitimate-looking domain to trick users into connecting their wallets and authorizing malicious transactions. Security telemetry indicates this drainer kit is designed to siphon tokens and NFTs once wallet permissions are granted, aligning with recent patterns observed in crypto-draining operations. No specific brand is being impersonated in this instance, but the UI mimics common wallet interfaces to reduce user suspicion.  

This domain was flagged by PhishDestroy with unique seed ad835a. The threat exhibits 0/95 detections on VirusTotal as of the latest scan, indicating it remains undetected by most antivirus engines. It is registered through Cloudflare, Inc. and resolves to IP address 188.114.96.3, which is associated with Cloudflare’s edge network. The domain holds a valid SSL certificate issued by Let’s Encrypt, increasing its credibility to unsuspecting users. While the exact registration date is not publicly available, the active status and fresh infrastructure suggest recent deployment.  

The domain is currently active and under investigation by threat intelligence teams. Users are strongly advised to avoid interacting with crypxe-wallet.pages.dev or any unsolicited wallet links, especially those received via direct messages or social media. As of now, no major blocklists have flagged this domain, but this can change rapidly as evidence accumulates. Remaining risk is evaluated as moderate due to low detection rates and active hosting on reputable infrastructure. Immediate action includes blocking the IP and domain at the network perimeter and warning users about this drainer. Users should verify wallet URLs independently and use hardware wallets or air-gapped signing for high-value transactions. Threat intelligence teams continue to monitor this domain for behavioral anomalies and potential network indicators.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/crypxe-wallet.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/crypxe-wallet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/crypxe-wallet.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/crypxe-wallet.pages.dev/
Last updated: 2026-04-04